statistics-for-strava

v4.8.5 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2d Dashboards & Home Pages

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

self-hosted statistics strava strava-data

Affected surfaces

auth rbac

Summary

AI summary

Updates New features, Technical details, and Bug fixes across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Tightened file access rules to improve application security Tightened file access rules to improve application security Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Low	Added activity elapsed time display on the activity detail page Added activity elapsed time display on the activity detail page Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Fixed and refined Caddy server directives with added test coverage Fixed and refined Caddy server directives with added test coverage Source: llm_adapter@2026-06-01 Confidence: high	—

Full changelog

New features

Added activity elapsed time to the activity detail page

Improvements

Improved application security by tightening file access rules
Improved accessibility of the mobile navigation menu

Bug fixes

Fixed and refined Caddy server directives, with additional test coverage to prevent future regressions

Technical details

ISSUE #2104: Harden security by @robiningelbrecht in https://github.com/robiningelbrecht/statistics-for-strava/pull/2105
ISSUE #2106: Add button state to the mobile menu trigger by @robiningelbrecht in https://github.com/robiningelbrecht/statistics-for-strava/pull/2108
ISSUE #2107: Fix Caddy directives and add proper tests by @robiningelbrecht in https://github.com/robiningelbrecht/statistics-for-strava/pull/2109
ISSUE #2110: Activity elapsed time by @robiningelbrecht in https://github.com/robiningelbrecht/statistics-for-strava/pull/2111

Full Changelog: https://github.com/robiningelbrecht/statistics-for-strava/compare/v4.8.4...v4.8.5

Security Fixes

Tightened file access rules to improve application security (ISSUE #2104)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track statistics-for-strava

Get notified when new releases ship.

About statistics-for-strava

Self-hosted, open-source dashboard for your Strava data.

All releases →